Based on your view as a security researcher, do you feel the mobile industry is improving in security?
Yes, security is always moving forward and forcing attackers to take different approaches to be successful.
Over the last couple of years Android exploitation has been getting increasingly annoying for attackers with technologies like ASLR, SE for Android and the beginning of dm-verity, etc but unfortunately these technologies don’t stop poorly written apps from wrecking havoc, leaking data, and therefore leaving low hanging fruit on the table. Mobile devices have such rich APIs that most of the valuable data an attacker would like is exposed not just at the OS layer but at the app layer as well. Containerization isn’t the silver bullet here either.
The mobile space has changed an attacker’s focus from being primarily web browsers to a broader set of apps that each have potential for unique implementation flaws. While you might think iOS would be less affected by this because the system provides so much f